Synopsys Releases BSIMM10 Study Highlighting Impact of DevOps on Software Security

(STL.News) – Synopsys, Inc. (Nasdaq: SNPS) today released BSIMM10, the latest version of the Building Security In Maturity Model (BSIMM), designed to help organizations plan, execute, mature, and measure their software security initiatives (SSIs).  Synopsys has used the BSIMM nearly 450 times across 185 firms over the past decade, and this 10th iteration reflects software security activities observed across 122 firms.  BSIMM10 also highlights the impact of DevOps on software security initiatives, the emergence of a new wave of engineering-driven security efforts, and how firms progress through three phases of software security maturity.  To download the report, visit

“Since 2008, the BSIMM has served as an effective tool for understanding how organizations of all shapes and sizes, including some of the most advanced security teams in the world, are executing their software security strategies,” said Jim Routh, head of enterprise information risk management at MassMutual.  “The current BSIMM data reflect how many organizations are adapting their approaches to address the new dynamics of modern development and deployment practices, such as shorter release cycles, increased use of automation, and software-defined infrastructure.”

BSIMM10 describes the work of 7,900 software security professionals whose efforts guide and maximize the security efforts of nearly 470,000 developers working on more than 173,000 applications.  BSIMM10 represents firms in industry verticals including financial services, high tech, independent software vendors (ISVs), cloud, healthcare, Internet of Things (IoT), insurance, and retail.